Security News

CVE-2018-15895

National Vulnerability Database - Mon, 08/27/2018 - 00:29
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.
Categories: Security News

CVE-2018-15899

National Vulnerability Database - Mon, 08/27/2018 - 00:29
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
Categories: Security News

Vuln: Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Mon, 08/27/2018 - 00:00
Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
Categories: Security News

Vuln: OpenSSH CVE-2018-15473 User Enumeration Vulnerability

SecurityFocus Vulnerabilities - Mon, 08/27/2018 - 00:00
OpenSSH CVE-2018-15473 User Enumeration Vulnerability
Categories: Security News

CVE-2017-18345

National Vulnerability Database - Sun, 08/26/2018 - 17:29
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
Categories: Security News

CVE-2018-15602

National Vulnerability Database - Sun, 08/26/2018 - 17:29
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
Categories: Security News

CVE-2018-15885

National Vulnerability Database - Sun, 08/26/2018 - 17:29
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.
Categories: Security News

CVE-2018-15888

National Vulnerability Database - Sun, 08/26/2018 - 17:29
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.
Categories: Security News

CVE-2018-15889

National Vulnerability Database - Sun, 08/26/2018 - 17:29
In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Categories: Security News

CVE-2018-15833

National Vulnerability Database - Sun, 08/26/2018 - 13:29
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Categories: Security News

CVE-2011-2767

National Vulnerability Database - Sun, 08/26/2018 - 12:29
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
Categories: Security News

CVE-2018-15876

National Vulnerability Database - Sun, 08/26/2018 - 03:29
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.
Categories: Security News

CVE-2018-15877

National Vulnerability Database - Sun, 08/26/2018 - 03:29
The Plainview Activity Monitor plugin 4.7.11 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
Categories: Security News

CVE-2018-15858

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
Categories: Security News

CVE-2018-15859

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
Categories: Security News

CVE-2018-15861

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
Categories: Security News

CVE-2018-15862

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
Categories: Security News

CVE-2018-15863

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
Categories: Security News

CVE-2018-15864

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
Categories: Security News

CVE-2018-15849

National Vulnerability Database - Sat, 08/25/2018 - 17:29
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.
Categories: Security News

Pages